Nicolas Christin
@nc2y.bsky.social
Prof. at Carnegie Mellon University. Computer security, online crime, and assorted online seediness. Reformed(?) hacker. Economic migrant.
📍 Pittsburgh, PA, mostly
🕸️ https://www.andrew.cmu.edu/user/nicolasc
📍 Pittsburgh, PA, mostly
🕸️ https://www.andrew.cmu.edu/user/nicolasc
Reposted by Nicolas Christin
HTTPS by default security.googleblog.com/2025/10/http...
HTTPS by default
One year from now, with the release of Chrome 154 in October 2026, we will change the default settings of Chrome to enable “Always Use Secu...
security.googleblog.com
October 28, 2025 at 9:15 PM
HTTPS by default security.googleblog.com/2025/10/http...
Last week my student Ally Nisenoff published "Exploiting the Shared Storage API" at @acm_ccs: www.andrew.cmu.edu/user/nicolas...
3 days later, Google announced they're abandoning Shared Storage:
privacysandbox.com/news/update-...
(Correlation doesn't imply causation. Interesting, though.)
3 days later, Google announced they're abandoning Shared Storage:
privacysandbox.com/news/update-...
(Correlation doesn't imply causation. Interesting, though.)
www.andrew.cmu.edu
October 20, 2025 at 7:13 PM
Last week my student Ally Nisenoff published "Exploiting the Shared Storage API" at @acm_ccs: www.andrew.cmu.edu/user/nicolas...
3 days later, Google announced they're abandoning Shared Storage:
privacysandbox.com/news/update-...
(Correlation doesn't imply causation. Interesting, though.)
3 days later, Google announced they're abandoning Shared Storage:
privacysandbox.com/news/update-...
(Correlation doesn't imply causation. Interesting, though.)
We're hosting the 7th intl' conf. on Advances in Financial Technologies (AFT'25) at Carnegie Mellon on Oct. 8-10. Join us to hear about the latest exciting developments in crypto research. Registration closes on Sept 16!
advfintech.org/aft25/attend...
(Program: advfintech.org/aft25/progra...)
advfintech.org/aft25/attend...
(Program: advfintech.org/aft25/progra...)
Advances in Financial Technologies
advfintech.org
September 11, 2025 at 7:34 PM
We're hosting the 7th intl' conf. on Advances in Financial Technologies (AFT'25) at Carnegie Mellon on Oct. 8-10. Join us to hear about the latest exciting developments in crypto research. Registration closes on Sept 16!
advfintech.org/aft25/attend...
(Program: advfintech.org/aft25/progra...)
advfintech.org/aft25/attend...
(Program: advfintech.org/aft25/progra...)
This is concerning, it seems like lower fees on Ethereum are facilitating address poisoning attacks…
x.com/toxin_tagger...
x.com/toxin_tagger...
Toxin Tagger (T-T) on X: "🚨Warning🚨: There was a surge in the number of poisoning attacks on Ethereum, potentially due to the lower transaction fees. Figures: Daily number of poisoning transfers in August 2025 for Ethereum and BSC. https://t.co/jorxvN3hv3" / X
🚨Warning🚨: There was a surge in the number of poisoning attacks on Ethereum, potentially due to the lower transaction fees. Figures: Daily number of poisoning transfers in August 2025 for Ethereum and BSC. https://t.co/jorxvN3hv3
x.com
September 3, 2025 at 5:30 PM
This is concerning, it seems like lower fees on Ethereum are facilitating address poisoning attacks…
x.com/toxin_tagger...
x.com/toxin_tagger...
“Canadian pharmacist helps run notorious deepfake porn site.”
The online crime jokes write themselves.
The online crime jokes write themselves.
August 15, 2025 at 4:37 PM
“Canadian pharmacist helps run notorious deepfake porn site.”
The online crime jokes write themselves.
The online crime jokes write themselves.
Reposted by Nicolas Christin
I'm presenting my USENIX paper "How Researchers De-Identify Data in Practice" at 9am this Thursday. Kudos to my co-authors Paige Pepitone, @adamaviv.bsky.social, and @mmazurek.bsky.social. Come say hi—I am on the academic job market!
Here's the paper: www.usenix.org/conference/u...
#usesec25
Here's the paper: www.usenix.org/conference/u...
#usesec25
August 13, 2025 at 4:40 PM
I'm presenting my USENIX paper "How Researchers De-Identify Data in Practice" at 9am this Thursday. Kudos to my co-authors Paige Pepitone, @adamaviv.bsky.social, and @mmazurek.bsky.social. Come say hi—I am on the academic job market!
Here's the paper: www.usenix.org/conference/u...
#usesec25
Here's the paper: www.usenix.org/conference/u...
#usesec25
Taro just presented this at #usesec25, and will be manning the poster shortly. If you are around we would love to hear from you.
New research alert 🚨 from my group, “Blockchain Address Poisoning” (Tsuchiya et al.), to appear at USENIX Security 2025 (arxiv.org/abs/2501.16681)! As a follow-up, we also developed a real-time detection system: cryptotrade.cylab.cmu.edu/poisoning/ and x.com/toxin_tagger (1/7)
Blockchain Address Poisoning
In many blockchains, e.g., Ethereum, Binance Smart Chain (BSC), the primary representation used for wallet addresses is a hardly memorable 40-digit hexadecimal string. As a result, users often select ...
arxiv.org
August 13, 2025 at 8:30 PM
Taro just presented this at #usesec25, and will be manning the poster shortly. If you are around we would love to hear from you.
I’m not sure there is a more clichéed Seattle experience than having a latte at a local coffee shop with some salmon on toast while they’re blaring Soundgarden’s “Outshined.”
August 13, 2025 at 3:26 PM
I’m not sure there is a more clichéed Seattle experience than having a latte at a local coffee shop with some salmon on toast while they’re blaring Soundgarden’s “Outshined.”
My student Jenny Tang (coadvised with @lujobauer.bsky.social) is making friends at SOUPS with our paper on looking at 10 years of SOUPS papers and reviewing how solid the stats were. Basically: not great, not great at all. (And that includes my own work.)
Paper: www.andrew.cmu.edu/user/nicolas...
Paper: www.andrew.cmu.edu/user/nicolas...
www.andrew.cmu.edu
August 12, 2025 at 10:18 PM
My student Jenny Tang (coadvised with @lujobauer.bsky.social) is making friends at SOUPS with our paper on looking at 10 years of SOUPS papers and reviewing how solid the stats were. Basically: not great, not great at all. (And that includes my own work.)
Paper: www.andrew.cmu.edu/user/nicolas...
Paper: www.andrew.cmu.edu/user/nicolas...
New research alert 🚨 from my group, “Blockchain Address Poisoning” (Tsuchiya et al.), to appear at USENIX Security 2025 (arxiv.org/abs/2501.16681)! As a follow-up, we also developed a real-time detection system: cryptotrade.cylab.cmu.edu/poisoning/ and x.com/toxin_tagger (1/7)
Blockchain Address Poisoning
In many blockchains, e.g., Ethereum, Binance Smart Chain (BSC), the primary representation used for wallet addresses is a hardly memorable 40-digit hexadecimal string. As a result, users often select ...
arxiv.org
July 21, 2025 at 5:10 PM
New research alert 🚨 from my group, “Blockchain Address Poisoning” (Tsuchiya et al.), to appear at USENIX Security 2025 (arxiv.org/abs/2501.16681)! As a follow-up, we also developed a real-time detection system: cryptotrade.cylab.cmu.edu/poisoning/ and x.com/toxin_tagger (1/7)
Reposted by Nicolas Christin
CMU S3D’s “Tartan Federer” swept all 4 MIDST tracks, revealing privacy gaps in diffusion models.
Its loss-feature attack was the only entry to beat random guessing in the white-box multi-table test.
Details: s3d.cmu.edu/news/2025/0501-midst.html
#AIPrivacy #CMU #AI #ML!
Its loss-feature attack was the only entry to beat random guessing in the white-box multi-table test.
Details: s3d.cmu.edu/news/2025/0501-midst.html
#AIPrivacy #CMU #AI #ML!
CMU's "Tartan Federer" Team Sweeps All Four Tracks at International AI Privacy Challenge - Software and Societal Systems Department - School of Computer Science - Carnegie Mellon University
Carnegie Mellon University's "Tartan Federer" team, led by S3D’s Zhiwei Steven Wu, achieved a clean sweep at the 2025 Vector Institute MIDST Challenge, winning all four competition tracks. Their innov...
s3d.cmu.edu
June 19, 2025 at 8:01 PM
CMU S3D’s “Tartan Federer” swept all 4 MIDST tracks, revealing privacy gaps in diffusion models.
Its loss-feature attack was the only entry to beat random guessing in the white-box multi-table test.
Details: s3d.cmu.edu/news/2025/0501-midst.html
#AIPrivacy #CMU #AI #ML!
Its loss-feature attack was the only entry to beat random guessing in the white-box multi-table test.
Details: s3d.cmu.edu/news/2025/0501-midst.html
#AIPrivacy #CMU #AI #ML!
Reposted by Nicolas Christin
Just because your prof didn't file an academic dishonesty report does not mean that they don't know you cheated.
Knowing you did it and proving it to the hearing board are two different thresholds.
Knowing you did it and proving it to the hearing board are two different thresholds.
What is common knowledge in your field, but shocks outsiders?
Scientists and governments aren’t colluding to hide the cure for cancer.
Scientists and governments aren’t colluding to hide the cure for cancer.
What is common knowledge in your field, but shocks outsiders?
Almost all of the bugs and problems and breakage in the software you use is known to the engineers, we just aren't allowed to fix it. Gotta ship new features.
Almost all of the bugs and problems and breakage in the software you use is known to the engineers, we just aren't allowed to fix it. Gotta ship new features.
June 17, 2025 at 12:46 AM
Just because your prof didn't file an academic dishonesty report does not mean that they don't know you cheated.
Knowing you did it and proving it to the hearing board are two different thresholds.
Knowing you did it and proving it to the hearing board are two different thresholds.
PSA: If you're using homebrew, and discovered that MAME crashes w/ a Bus Error upon startup after upgrading to Sequoia, 1) update mame.ini so that the line containing gl_lib points to /System/Library/Frameworks/OpenGL.framework/Libraries/libGLVMPlugin.dylib 2) launch w/ DYLD_LIBRARY_PATH="" mame
June 16, 2025 at 10:46 PM
PSA: If you're using homebrew, and discovered that MAME crashes w/ a Bus Error upon startup after upgrading to Sequoia, 1) update mame.ini so that the line containing gl_lib points to /System/Library/Frameworks/OpenGL.framework/Libraries/libGLVMPlugin.dylib 2) launch w/ DYLD_LIBRARY_PATH="" mame
🧵 about a new paper by my amazing students and collaborators. To appear this week at SIGMETRICS. 👇
I am delighted to announce that our paper “Blockchain Amplification Attack” has been accepted to ACM SIGMETRICS. This week, I will be in Stony Brook to present our work!
Amazing coauthors: Liyi Zhou, Kaihua Qin, Arthur Gervais, and @nc2y.bsky.social
Paper: dl.acm.org/doi/10.1145/...
TLDR below.
Amazing coauthors: Liyi Zhou, Kaihua Qin, Arthur Gervais, and @nc2y.bsky.social
Paper: dl.acm.org/doi/10.1145/...
TLDR below.
Blockchain Amplification Attack | Proceedings of the ACM on Measurement and Analysis of Computing Systems
Strategies related to the blockchain concept of Extractable Value (MEV/BEV), such
as arbitrage, front-, or back-running create strong economic incentives for network
nodes to reduce latency. Modified ...
dl.acm.org
June 9, 2025 at 10:40 PM
🧵 about a new paper by my amazing students and collaborators. To appear this week at SIGMETRICS. 👇
Reposted by Nicolas Christin
CMU researchers are using personalized models to decode how cancer behaves in individual patients, one of medicine's toughest challenges.
Through individualized data and insights, their work revealed hidden #cancer subtypes that could inform treatment and improve survival predictions.
#Research
Through individualized data and insights, their work revealed hidden #cancer subtypes that could inform treatment and improve survival predictions.
#Research
CMU Researchers Build Personalized Models To Advance Precision Cancer Care
Researchers from Carnegie Mellon University’s School of Computer Science developed a new approach to bridge this gap between available data and actionable insight, creating personalized models to help...
www.cmu.edu
June 6, 2025 at 1:32 PM
Looking for a home for your great scientific result in fintech that is almost all written up and ready to go? The AFT deadline is in less than 24 hours…
aftconf.github.io/aft25/index....
aftconf.github.io/aft25/index....
Advances in Financial Technologies
aftconf.github.io
May 28, 2025 at 11:57 AM
Looking for a home for your great scientific result in fintech that is almost all written up and ready to go? The AFT deadline is in less than 24 hours…
aftconf.github.io/aft25/index....
aftconf.github.io/aft25/index....
Reposted by Nicolas Christin
Pasta sauce cookie is something you should only attempt after you’ve gotten your second Michelin star.
Like, David Chang, I’d eat his pasta sauce cookie no questions. Doing it myself because the teevee told me to, yeah, no.
Like, David Chang, I’d eat his pasta sauce cookie no questions. Doing it myself because the teevee told me to, yeah, no.
They just ran a commercial for Google AI where a guy was making pasta sauce and poured too much sugar in, and the AI suggested he turn it into cookies (?). Then he ate one and was like “mmm!”
What the actual fuck is wrong with this whole planet man
What the actual fuck is wrong with this whole planet man
May 25, 2025 at 4:24 AM
Pasta sauce cookie is something you should only attempt after you’ve gotten your second Michelin star.
Like, David Chang, I’d eat his pasta sauce cookie no questions. Doing it myself because the teevee told me to, yeah, no.
Like, David Chang, I’d eat his pasta sauce cookie no questions. Doing it myself because the teevee told me to, yeah, no.
Reposted by Nicolas Christin
In NYC, a man was tortured for two weeks for Bitcoin. He escaped. Alice Hutchings @message4bob.bsky.social and colleagues tell us it's happening around the world.
Conference paper: "Investigating Wrench Attacks: Physical Attacks: Targeting Cryptocurrency Users"
drops.dagstuhl.de/storage/00li...
Conference paper: "Investigating Wrench Attacks: Physical Attacks: Targeting Cryptocurrency Users"
drops.dagstuhl.de/storage/00li...
May 24, 2025 at 9:00 PM
In NYC, a man was tortured for two weeks for Bitcoin. He escaped. Alice Hutchings @message4bob.bsky.social and colleagues tell us it's happening around the world.
Conference paper: "Investigating Wrench Attacks: Physical Attacks: Targeting Cryptocurrency Users"
drops.dagstuhl.de/storage/00li...
Conference paper: "Investigating Wrench Attacks: Physical Attacks: Targeting Cryptocurrency Users"
drops.dagstuhl.de/storage/00li...
Reposted by Nicolas Christin
Next was an intriguing talk by McKenna McCall on the need to combine formal methods and usable security approaches at @cmus3d.bsky.social www.youtube.com/watch?v=qbnq... (5/7)
Current Topics in Privacy-January 21st 2025-McKenna McCall
YouTube video by Carnegie Mellon Software and Societal Systems Dept
www.youtube.com
May 6, 2025 at 2:26 AM
Next was an intriguing talk by McKenna McCall on the need to combine formal methods and usable security approaches at @cmus3d.bsky.social www.youtube.com/watch?v=qbnq... (5/7)
Reposted by Nicolas Christin
These talented young musicians teamed up to bring the joy of music to young children in the community. Please support their cause.
6pm (CT) tonight at Nichols Hall, Evanston.
Please join us in person or through the live stream.
youtube.com/live/MxXwBr_...
6pm (CT) tonight at Nichols Hall, Evanston.
Please join us in person or through the live stream.
youtube.com/live/MxXwBr_...
May 18, 2025 at 9:49 PM
These talented young musicians teamed up to bring the joy of music to young children in the community. Please support their cause.
6pm (CT) tonight at Nichols Hall, Evanston.
Please join us in person or through the live stream.
youtube.com/live/MxXwBr_...
6pm (CT) tonight at Nichols Hall, Evanston.
Please join us in person or through the live stream.
youtube.com/live/MxXwBr_...
Reposted by Nicolas Christin
Lawrenceville. 44th Street. If you accidentally left your rooster in your locked car, PD is about to break your window.
May 11, 2025 at 6:14 PM
Lawrenceville. 44th Street. If you accidentally left your rooster in your locked car, PD is about to break your window.
Reposted by Nicolas Christin
If you're a grad student or an undergrad interested in research I need to you listen to me very carefully.
You cannot learn to write good research papers if you do not read good research papers.
Stop asking LLMs to summarize papers for you.
You cannot learn to write good research papers if you do not read good research papers.
Stop asking LLMs to summarize papers for you.
May 3, 2025 at 8:25 PM
If you're a grad student or an undergrad interested in research I need to you listen to me very carefully.
You cannot learn to write good research papers if you do not read good research papers.
Stop asking LLMs to summarize papers for you.
You cannot learn to write good research papers if you do not read good research papers.
Stop asking LLMs to summarize papers for you.
Reposted by Nicolas Christin
Posted slides for my CSEE&T keynote here conf.researchr.org/details/icse...
The Promise and Peril of SE Education in the Age of AI (CSEE&T 2025 - IEEE Conference on Software Engineering Education and Training (CSEE&T)) - ICSE 2025
In 2025, the IEEE Conference on Software Engineering Education and Training (CSEE&T) will replace ICSE’s traditional education track (SEET). CSEE&T 2025 will be co-located with ICSE 2025 on Monday 28 ...
conf.researchr.org
May 2, 2025 at 3:32 PM
Posted slides for my CSEE&T keynote here conf.researchr.org/details/icse...
Reposted by Nicolas Christin
I'm thrilled to announce that I'll be joining Carnegie Mellon as an Assistant Professor of Human-Computer Interaction (with a courtesy joint appointment in Social and Decision Sciences) in 2026!
April 10, 2025 at 7:32 PM
I'm thrilled to announce that I'll be joining Carnegie Mellon as an Assistant Professor of Human-Computer Interaction (with a courtesy joint appointment in Social and Decision Sciences) in 2026!